CVE-2022-0071 — Vulnetix

CVE-2022-0071 PUBLISHED CVSS 8.800000190734863 HIGH

Incomplete fix for CVE-2021-3101. Hotdog, prior to v1.0.2, did not mimic the resource limits, device restrictions, or syscall filters of the target JVM process. This would allow a container to exhaust the resources of the host, modify devices, or make syscalls that would otherwise be blocked.

EPSS 0.04% · 12.2th percentile

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.04%

12.2th percentile

Affected Products

Vendor	Product	Versions
Amazon Web Services	Hotdog	unspecified
hotdog_project	hotdog	0

Timeline

Apr 19, 2022 CVE Published
Apr 20, 2022 EPSS Score
Jun 9, 2022 EPSS Score
Jul 30, 2022 EPSS Score
Sep 18, 2022 EPSS Score
Nov 7, 2022 EPSS Score
Dec 27, 2022 EPSS Score
Feb 15, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 6, 2023 EPSS Score
May 25, 2023 EPSS Score
Jul 14, 2023 EPSS Score

References

https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities url
https://github.com/bottlerocket-os/hotdog/security/advisories/GHSA-jr96-7frv-3mpj url

Open in Interactive Console →